What Is Claimed Is: 



x 1 \ 



A method for selectively auditing accesses to a relational database, 

' O ! 

3 receiving a query for the relational database; 

4 modifying the query so that processing the query causes an audit record to 

5 be created and recorded for rows in relational tables that are accessed by the query 

6 and that satisfy an auditing condition; 

7 processing the modified query to produce a query result, wherein 

8 processing the modified query includes, 

9 creating the audit record for rows in relational tables that 

1 0 are accessed the query and that satisfy the auditing condition, 

11 and 

12 recording t^e audit record in an audit record store; and 

1 3 returning the query result. 

1 2. The method of claim 1 , nirther comprising, if the query includes a 

2 select statement, inserting a case statement into the select statement that calls a 

3 function that causes the audit record to be cheated and recorded if the auditing 

4 condition is satisfied. 

1 3 . The method of claim 2, further comprising ensuring that the case 

2 statement is evaluated near the end of the query processing so that the case 

3 statement is evaluated only after other conditions of ttte query are satisfied, so that 

4 the audit record is created only for rows that are actuall\accessed by the query. 
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1 4. 'Aie method of claim 1 , further comprising retrieving the auditing 

2 condition for a given table from a data structure associated with the given table. 

1 5. The method of claim 1 , wherein if the query modifies at least one 

2 entry in the relationaftdatabase, using a relational database system trigger to create 

3 and record the audit retord for the modification to the relational database. 

1 6. The method of claim 2, wherein inserting the case statement into 

2 the query further comprises;: 

3 inserting the case statement into the query; 

4 allowing a query processor to allocate buffers for the query; 

5 removing the case statement from the query; 

6 allowing the query processor to generate a query plan for the query; and 

7 scheduling the case statement near the end of the query plan to ensure that 

8 the case statement is evaluated onlyVfter other conditions of the query are 

9 satisfied, so that the audit record is created only for rows that are actually accessed 
10 by the query. \ 

1 7. The method of claim 1 , wherein the audit record includes: 

2 a user name for a user making the query; 

3 a time stamp specifying a time of the query; and 

4 a text of the query. \ 

1 8. The method of claim 1 , wherein theVuditing condition includes a 

2 condition for a field within the relational database. \ 
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1 9. ^ A computer-readable storage medium storing instructions that 

2 when executed by a computer cause the computer to perform a method for 

3 selectively auditing accesses to a relational database, the method comprising: 

4 receiving a queiy fur ihe relational database; 

5 modifying the query so that processing the query causes an audit record to 

6 be created and recorded for rows in relational tables that are accessed by the query 

7 and that satisfy an auaiting condition; 

8 processing the modified query to produce a query result, wherein 

9 processing the modified query includes, 

1 0 creating the audit record for rows in relational tables that 

1 1 are accessed by the query and that satisfy the auditing condition, 

12 and \ 

1 3 recording the audit record in an audit record store; and 

14 returning the query result\ 

1 10. The computer-readable storage medium of claim 9, wherein the 

2 method further comprises, if the query includes a select statement, inserting a case 

3 statement into the select statement thaAcalls a function that causes the audit record 

4 to be created and recorded if the auditing condition is satisfied. 

1 11. The computer-readable storage medium of claim 1 0, wherein the 

2 method further comprises ensuring that the Case statement is evaluated near the 

3 end of the query processing to that the case statement is evaluated only after other 

4 conditions of the query are satisfied, so that theVudit record is created only for 

5 rows that are actually accessed by the query. \ 
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1 12. The computer-readable storage medium of claim 9, wherein the 

2 method further comprises retrieving the auditing condition for a given table from 

3 a data structure associated with the given table. 

1 13. The cbmputer-readable storage medium of claim 9, wherein if the 

2 query modifies at least one entry in the relational database, the method further 

3 comprises using a relational database system trigger to create and record the audit 

4 record for the modification to the relational database. 

1 14. The computer-readable storage medium of claim 1 0, wherein 

2 inserting the case statement into the query further comprises: 

3 inserting the case statement into the query; 

4 allowing a query processor to allocate buffers for the query; 

5 removing the case statenW from the query; 

6 allowing the query processor to generate a query plan for the query; and 

7 scheduling the case statement near the end of the query plan to ensure that 

8 the case statement is evaluated only after other conditions of the query are 

9 satisfied, so that the audit record is creVted only for rows that are actually accessed 
10 by the query. \ 

1 15. The computer-readable storW medium of claim 9, wherein the 

2 audit record includes: \ 

3 a user name for a user making the quefy; 

4 a time stamp specifying a time of the query; and 

5 a text of the query. \ 
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1 1 6. The computer-readable storage medium of claim 9, wherein the 

2 auditing condition includes a condition for a field within the relational database. 



i / . An apparatus that selectively audits accesses to a relational 

2 database, comprising 

3 a receiving mechanism that is configured to receive a query for the 

4 relational database; 

5 a query modification mechanism that is configured to modify the query so 

6 that processing the query causes an audit record to be created and recorded for 

7 rows in relational tables that are accessed by the query and that satisfy an auditing 

8 condition; 

9 a query processor that k configured to process the modified query to 

1 0 produce a query result, whereinWocessing the modified query includes, 

1 1 creating thfe audit record for rows in relational tables that 

12 are accessed by the^uery and that satisfy the auditing condition, 

13 and 

14 recording the aiidit record in an audit record store; and 

1 5 a returning mechanism that is configured to return the query result. 

1 18. The apparatus of claim 1 7, wherein if the query includes a select 

2 statement, the query modification mechanism\s configured to insert a case 

3 statement into the select statement that calls a faction that causes the audit record 

4 to be created and recorded if the auditing condition is satisfied. 

1 1 9. The apparatus of claim 1 8, wherein the query modification 

2 mechanism is configured to ensure that the case statement is evaluated near the 

3 end of the query processing so that the case statement isWluated only after other 
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4 conditions of tile query are satisfied, so that the audit record is created only for 

5 rows that are actually accessed by the query. 



1 20. The apparatus of claim 1 7, wherein the query modification 

2 mechanism is configttred to retrieve the auditing condition for a given table from a 

3 data structure associated with the given table. 

1 21. The apparatus of claim 1 7, wherein if the query modifies at least 

2 one entry in the relational database, the apparatus uses a relational database 

3 system trigger to create and \ecord the audit record for the modification to the 

4 relational database. 

1 22. The apparatus of tyaim 1 8, wherein the query modification 

2 mechanism is configured to: 

3 insert the case statement intk the query; 

4 allow the query processor to Allocate buffers for the query; 

5 remove the case statement from the query; 

6 allow the query processor to genferate a query plan for the query; and 

(R \ 

n 7 schedule the case statement near the end of the query plan to ensure that 

l - ■* 8 the case statement is evaluated only after other conditions of the query are 

9 satisfied, so that the audit record is created d^ly for rows that are actually accessed 

10 by the query. 

1 23. The apparatus of claim 1 7, wherenj the audit record includes: 

2 a user name for a user making the query; 

3 a time stamp specifying a time of the query; ^nd 

4 a text of the query. 



id 
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1 24 ' rV 6 apparatus of claim 1 7 > wher ein the auditing condition includes 

2 a condition for a field within the relational database. 
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